Apply the policy map to the inside interface, then verify that it is active using…

SIMULATION
Apply the policy map to the inside interface, then verify that it is active using an appropriate show command.

SIMULATION
Apply the policy map to the inside interface, then verify that it is active using an appropriate show command.

Answer: See the explanation

Explanation:
We need to create a policy map named inside-policy and send the traffic to the CXSC blade:
ASA-FW# config t
ASA-FW(config)# policy-map inside-policy
ASA-FW(config-pmap)# policy-map inside-policy
ASA-FW(config-pmap)# class class-default
ASA-FW(config-pmap-c)# cxsc fail-close auth-proxy
ASA-FW(config-pmap-c)# exit
ASA-FW(config-pmap)# exit
The fail-close is needed as per instructions that if the CX module fails, no traffic should be allowed.
The auth-proxy keyword is needed for active authentication.
Next, we need to apply this policy map to the inside interface:
ASA-FW(config)#service-policy inside-policy interface inside.
Finally, verify that the policy is active:
ASA-FW# show service-policy interface inside
Interface inside:
Service-policy: inside-policy
Class-map: class-default
Default Queueing CXSC: card status Up, mode fail-close, auth-proxy enabled
Packet input 181, packet output 183, drop 0, reset-drop 0, proxied 0
Configuration guidelines can be found at this reference link:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/
modules_cx.pdf



Leave a Reply 0

Your email address will not be published. Required fields are marked *